With the rise in value of intellectual property, cybercriminals are now aiming their activity on the manufacturing sector. Manufacturers in the past haven’t practiced the strictest of cybersecurity measures, making themselves quite vulnerable today. The exception to this are industries, such as chemical and pharmaceutical manufacturing, which are subject to federal regulations regarding cybersecurity.
Within the general manufacturing sector many companies are increasingly worried about intellectual property theft regarding product design and manufacturing costs. In particular they are concerned about this type of information being used by overseas competitors.
SystemExperts recommends that manufacturing companies create a cyber security program that aligns with ISO 27002, aka Information technology – Security techniques – Code of practice for information security controls, or the NIST Cyber Security Framework (CSF). Implementing either of these frameworks will help defend companies from a broad range of threats including the narrow issues of ransomware and intellectual property theft.
In the short term, manufacturing companies should prepare for cyberattacks. First priorities to prepare for such attacks include:
- Identify all business critical files
- Ensure all business critical files are backed up
- Ensure that backup files are isolated and can only be accessed by an account dedicated to backup and restoration operations
- Ensure that backups can be restored
- Ensure all devices used for reading email have current, active, anti-virus software installed and running
- Ensure that all email gateways are performing real-time inspection and detection to completely dissemble email attachments and downloads to remove potential malware threats
- Restrict user accounts, these should not have local administrator rights nor administrative rights to file shares or servers
- Educate users about the proper use of email, phishing attacks, and ransomware
For additional information visit the NoMoreRansom.org site and read the materials available on it. Companies that are a victim of ransomware should visit the site and determine if the files can be recovered without paying the ransom.
Paul Hill has worked with SystemExperts as a principal project consultant for more than twelve years assisting on a wide range of challenging projects across a variety of industries including higher education, legal, and financial services. He joined SystemExperts full time in March 2012 and coordinates the SMARTday practice.